Mixed Content: Move subframe checks into ResourceFetcher.

Source/core/fetch/ResourceFetcher.cpp

 /*
     Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de)
     Copyright (C) 2001 Dirk Mueller (mueller@kde.org)
     Copyright (C) 2002 Waldo Bastian (bastian@kde.org)
     Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved.
     Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/
 
     This library is free software; you can redistribute it and/or
     modify it under the terms of the GNU Library General Public
     License as published by the Free Software Foundation; either
@@ skipping 284 matching lines @@
     options.synchronousPolicy = RequestSynchronously;
     request.setOptions(options);
     return requestResource(Resource::Raw, request);
 }
 
 ResourcePtr<ImageResource> ResourceFetcher::fetchImage(FetchRequest& request)
 {
     if (LocalFrame* f = frame()) {
         if (f->document()->pageDismissalEventBeingDispatched() != Document::NoDismissal) {
             KURL requestURL = request.resourceRequest().url();
-            if (requestURL.isValid() && canRequest(Resource::Image, requestURL, request.options(), request.forPreload(), request.originRestriction()))
+            if (requestURL.isValid() && canRequest(Resource::Image, request.resourceRequest(), requestURL, request.options(), request.forPreload(), request.originRestriction()))
                 PingLoader::loadImage(f, requestURL);
             return 0;
         }
     }
 
     if (request.resourceRequest().url().protocolIsData())
         preCacheDataURIImage(request);
 
     request.setDefer(clientDefersImage(request.resourceRequest().url()) ? FetchRequest::DeferredByClient : FetchRequest::NoDefer);
     ResourcePtr<Resource> resource = requestResource(Resource::Image, request);
@@ skipping 108 matching lines @@
     resource->setNeedsSynchronousCacheHit(substituteData.forceSynchronousLoad());
     resource->setOptions(request.options());
     resource->setDataBufferingPolicy(BufferData);
     resource->responseReceived(response);
     if (substituteData.content()->size())
         resource->setResourceBuffer(substituteData.content());
     resource->finish();
     memoryCache()->add(resource.get());
 }
 
-bool ResourceFetcher::checkInsecureContent(Resource::Type type, const KURL& url, MixedContentBlockingTreatment treatment) const
+bool ResourceFetcher::checkInsecureContent(Resource::Type type, const KURL& url, LocalFrame* frame, MixedContentBlockingTreatment treatment) const
 {
     if (treatment == TreatAsDefaultForType) {
         switch (type) {
         case Resource::XSLStyleSheet:
             ASSERT(RuntimeEnabledFeatures::xsltEnabled());
         case Resource::Script:
         case Resource::SVGDocument:
         case Resource::CSSStyleSheet:
         case Resource::ImportResource:
             // These resource can inject script into the current document (Script,
@@ skipping 16 matching lines @@
             break;
 
         case Resource::MainResource:
         case Resource::LinkPrefetch:
         case Resource::LinkSubresource:
             // These cannot affect the current document.
             treatment = TreatAsAlwaysAllowedContent;
             break;
         }
     }
+
+    // No frame, no mixed content.
+    if (!frame)
+        return true;
+
     if (treatment == TreatAsActiveContent) {
-        if (LocalFrame* f = frame()) {
-            if (!f->loader().mixedContentChecker()->canRunInsecureContent(m_document->securityOrigin(), url))
-                return false;
-        }
+        if (!frame->loader().mixedContentChecker()->canRunInsecureContent(frame->document()->securityOrigin(), url))
+            return false;
     } else if (treatment == TreatAsPassiveContent) {
-        if (LocalFrame* f = frame()) {
-            if (!f->loader().mixedContentChecker()->canDisplayInsecureContent(m_document->securityOrigin(), url))
-                return false;
-            if (MixedContentChecker::isMixedContent(f->document()->securityOrigin(), url) || MixedContentChecker::isMixedContent(toLocalFrame(frame()->tree().top())->document()->securityOrigin(), url)) {
-                switch (type) {
-                case Resource::Raw:
-                    UseCounter::count(f->document(), UseCounter::MixedContentRaw);
-                    break;
+        if (!frame->loader().mixedContentChecker()->canDisplayInsecureContent(frame->document()->securityOrigin(), url))
+            return false;
+        if (MixedContentChecker::isMixedContent(frame->document()->securityOrigin(), url) || MixedContentChecker::isMixedContent(toLocalFrame(frame->tree().top())->document()->securityOrigin(), url)) {
+            switch (type) {
+            case Resource::Raw:
+                UseCounter::count(frame->document(), UseCounter::MixedContentRaw);
+                break;
 
-                case Resource::Image:
-                    UseCounter::count(f->document(), UseCounter::MixedContentImage);
-                    break;
+            case Resource::Image:
+                UseCounter::count(frame->document(), UseCounter::MixedContentImage);
+                break;
 
-                case Resource::Media:
-                    UseCounter::count(f->document(), UseCounter::MixedContentMedia);
-                    break;
+            case Resource::Media:
+                UseCounter::count(frame->document(), UseCounter::MixedContentMedia);
+                break;
 
-                default:
-                    ASSERT_NOT_REACHED();
-                }
+            default:
+                ASSERT_NOT_REACHED();
             }
         }
     } else {
         ASSERT(treatment == TreatAsAlwaysAllowedContent);
     }
     return true;
 }
 
-bool ResourceFetcher::canRequest(Resource::Type type, const KURL& url, const ResourceLoaderOptions& options, bool forPreload, FetchRequest::OriginRestriction originRestriction) const
+bool ResourceFetcher::canRequest(Resource::Type type, const ResourceRequest& resourceRequest, const KURL& url, const ResourceLoaderOptions& options, bool forPreload, FetchRequest::OriginRestriction originRestriction) const
 {
     SecurityOrigin* securityOrigin = options.securityOrigin.get();
     if (!securityOrigin && document())
         securityOrigin = document()->securityOrigin();
 
     if (originRestriction != FetchRequest::NoOriginRestriction && securityOrigin && !securityOrigin->canDisplay(url)) {
         if (!forPreload)
             context().reportLocalLoadFailed(url);
         WTF_LOG(ResourceLoading, "ResourceFetcher::requestResource URL was not allowed by SecurityOrigin::canDisplay");
         return 0;
@@ skipping 101 matching lines @@
     if (type != Resource::MainResource) {
         if (frame() && frame()->chromeClient().isSVGImageChromeClient() && !url.protocolIsData())
             return false;
     }
 
     // Last of all, check for insecure content. We do this last so that when
     // folks block insecure content with a CSP policy, they don't get a warning.
     // They'll still get a warning in the console about CSP blocking the load.
 
     // FIXME: Should we consider forPreload here?
-    if (!checkInsecureContent(type, url, options.mixedContentBlockingTreatment))
+    //    printf("Evaluating %s in %s\n- Type: %d\n- Context: %d\n- Frame Type: %d\n\n",

[jochen (gone - plz use gerrit), 2014/09/04 11:06:23]

remove?

[Mike West, 2014/09/04 11:07:34]

Ah. Ha. *cough* Yes. :)

+    //            url.string().utf8().data(), frame()->document()->securityOrigin()->toString().utf8().data(),
+    //            type, resourceRequest.requestContext(), resourceRequest.frameType());
+
+    // If we're loading the main resource of a subframe, ensure that we treat the resource as active
+    // content for the purposes of mixed content checks, and that we check against the parent of the
+    // active frame, rather than the frame itself.
+    LocalFrame* effectiveFrame = frame();
+    MixedContentBlockingTreatment effectiveTreatment = options.mixedContentBlockingTreatment;
+    if (resourceRequest.frameType() == WebURLRequest::FrameTypeNested) {
+        effectiveTreatment = TreatAsActiveContent;
+        // FIXME: Deal with RemoteFrames.
+        if (frame()->tree().parent()->isLocalFrame())
+            effectiveFrame = toLocalFrame(frame()->tree().parent());
+    }
+
+    if (!checkInsecureContent(type, url, effectiveFrame, effectiveTreatment))
         return false;
 
     return true;
 }
 
 bool ResourceFetcher::canAccessResource(Resource* resource, SecurityOrigin* sourceOrigin, const KURL& url) const
 {
     // Redirects can change the response URL different from one of request.
-    if (!canRequest(resource->type(), url, resource->options(), resource->isUnusedPreload(), FetchRequest::UseDefaultOriginRestrictionForType))
+    if (!canRequest(resource->type(), resource->resourceRequest(), url, resource->options(), resource->isUnusedPreload(), FetchRequest::UseDefaultOriginRestrictionForType))
         return false;
 
     if (!sourceOrigin && document())
         sourceOrigin = document()->securityOrigin();
 
     if (sourceOrigin->canRequest(url))
         return true;
 
     String errorDescription;
     if (!resource->passesAccessControlCheck(sourceOrigin, errorDescription)) {
@@ skipping 59 matching lines @@
     KURL url = request.resourceRequest().url();
 
     WTF_LOG(ResourceLoading, "ResourceFetcher::requestResource '%s', charset '%s', priority=%d, forPreload=%u, type=%s", url.elidedString().latin1().data(), request.charset().latin1().data(), request.priority(), request.forPreload(), ResourceTypeName(type));
 
     // If only the fragment identifiers differ, it is the same resource.
     url = MemoryCache::removeFragmentIdentifierIfNeeded(url);
 
     if (!url.isValid())
         return 0;
 
-    if (!canRequest(type, url, request.options(), request.forPreload(), request.originRestriction()))
+    if (!canRequest(type, request.resourceRequest(), url, request.options(), request.forPreload(), request.originRestriction()))
         return 0;
 
     if (LocalFrame* f = frame())
         f->loader().client()->dispatchWillRequestResource(&request);
 
     if (!request.forPreload()) {
         V8DOMActivityLogger* activityLogger = 0;
         if (request.options().initiatorInfo.name == FetchInitiatorTypeNames::xmlhttprequest)
             activityLogger = V8DOMActivityLogger::currentActivityLogger();
         else
@@ skipping 602 matching lines @@
 
 void ResourceFetcher::willSendRequest(unsigned long identifier, ResourceRequest& request, const ResourceResponse& redirectResponse, const FetchInitiatorInfo& initiatorInfo)
 {
     context().dispatchWillSendRequest(m_documentLoader, identifier, request, redirectResponse, initiatorInfo);
 }
 
 void ResourceFetcher::didReceiveResponse(const Resource* resource, const ResourceResponse& response)
 {
     // If the response is fetched via ServiceWorker, the original URL of the response could be different from the URL of the request.
     if (response.wasFetchedViaServiceWorker()) {
-        if (!canRequest(resource->type(), response.url(), resource->options(), false, FetchRequest::UseDefaultOriginRestrictionForType)) {
+        if (!canRequest(resource->type(), resource->resourceRequest(), response.url(), resource->options(), false, FetchRequest::UseDefaultOriginRestrictionForType)) {
             resource->loader()->cancel();
             context().dispatchDidFail(m_documentLoader, resource->identifier(), ResourceError(errorDomainBlinkInternal, 0, response.url().string(), "Unsafe attempt to load URL " + response.url().elidedString() + " fetched by a ServiceWorker."));
             return;
         }
     }
     context().dispatchDidReceiveResponse(m_documentLoader, resource->identifier(), response, resource->loader());
 }
 
 void ResourceFetcher::didReceiveData(const Resource* resource, const char* data, int dataLength, int encodedDataLength)
 {
@@ skipping 70 matching lines @@
     return false;
 }
 
 bool ResourceFetcher::isLoadedBy(ResourceLoaderHost* possibleOwner) const
 {
     return this == possibleOwner;
 }
 
 bool ResourceFetcher::canAccessRedirect(Resource* resource, ResourceRequest& request, const ResourceResponse& redirectResponse, ResourceLoaderOptions& options)
 {
-    if (!canRequest(resource->type(), request.url(), options, resource->isUnusedPreload(), FetchRequest::UseDefaultOriginRestrictionForType))
+    if (!canRequest(resource->type(), request, request.url(), options, resource->isUnusedPreload(), FetchRequest::UseDefaultOriginRestrictionForType))
         return false;
     if (options.corsEnabled == IsCORSEnabled) {
         SecurityOrigin* sourceOrigin = options.securityOrigin.get();
         if (!sourceOrigin && document())
             sourceOrigin = document()->securityOrigin();
 
         String errorMessage;
         if (!CrossOriginAccessControl::handleRedirect(resource, sourceOrigin, request, redirectResponse, options, errorMessage)) {
             if (resource->type() == Resource::Font)
                 toFontResource(resource)->setCORSFailed();
@@ skipping 112 matching lines @@
 
 void ResourceFetcher::trace(Visitor* visitor)
 {
     visitor->trace(m_document);
     visitor->trace(m_loaders);
     visitor->trace(m_multipartLoaders);
     ResourceLoaderHost::trace(visitor);
 }
 
 }